The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability note 29314

Node.js modules: code execution via Invalid Package Name

Synthesis of the vulnerability

An attacker can use a vulnerability via Invalid Package Name of Node.js modules, in order to run code.
Impacted software: Nodejs Modules ~ not comprehensive.
Severity of this computer vulnerability: 3/4.
Consequences of a hack: privileged access/rights, user access/rights.
Attacker's origin: document.
Creation date: 15/05/2019.
Références of this announce: NPM-837, NPM-838, NPM-839, NPM-840, NPM-841, NPM-842, NPM-843, NPM-844, NPM-845, NPM-846, NPM-847, NPM-848, NPM-849, NPM-850, NPM-851, NPM-852, NPM-853, NPM-854, NPM-855, NPM-856, NPM-857, NPM-858, NPM-859, NPM-860, NPM-861, NPM-862, NPM-863, NPM-864, NPM-865, NPM-866, NPM-867, NPM-868, NPM-869, NPM-870, NPM-871, VIGILANCE-VUL-29314.

Description of the vulnerability

An attacker can use a vulnerability via Invalid Package Name of Node.js modules,...
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a software vulnerability management. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.